The Congo domains (.cd) for Amazon, Audi, AVG, BBC, BMW, Canon, DHL, eBay, Fujitsu, GoDaddy, Hitachi, Honda, IBM, Panasonic, Toshiba, Mercedes, Rolex, Samsung, T-Mobile, Volkswagen and many others have been defaced by hackers of TeaM MaDLeeTs.
In reality, many of these companies don’t even have a .cd domain. However, that doesn’t matter in this particular attack. The attackers breached the systems of the Congolese Network Information Centre (NIC) and modified DNS entries so that the visitors of these domains would be redirected to their defacement page.
At the time of writing, the DNS records appear to have been restored. However, the hackers have made available defacement mirrors to prove the attack.
I’m trying to contact representatives of the Congolese NIC to see if they can provide any additional details on this attack. This post will be updated in case more information becomes available.
This isn’t the first time TeaM MaDLeeTs uses DNS poisoning to deface websites. Their latest target has been the Montenegro domain registrar .ME. In the attack against .ME, the hackers made it look as if they had hijacked 3,500 parked domains. In reality, they simply defaced the webpage to which parked domain names resolve.
While TeaM MaDLeeTs is often involved in hacktivist operations, they often target organizations just to demonstrate that their systems are not properly secured.